lt;https://www.linkedin.com/in/thomas-raef-74b93a14/>
> > Facebook <https://www.facebook.com/WeWatchYourWebsite>
> >
> >
> >
> > On Fri, May 24, 2024 at 12:21 PM David Lang wrote:
> >
> >> or you have other actions in the config that happen befo
for some things.
David Lang
On Fri, 24 May 2024, Thomas Raef wrote:
Date: Fri, 24 May 2024 12:37:15 -0400
From: Thomas Raef
To: David Lang
Cc: Rainer Gerhards via rsyslog ,
Rainer Gerhards
Subject: Re: [rsyslog] Stop actions
I created a lower numbered rules file with just this in it
ia rsyslog wrote:
>
> > Date: Fri, 24 May 2024 13:57:07 +0200
> > From: Rainer Gerhards via rsyslog
> > To: Thomas Raef
> > Cc: Rainer Gerhards ,
> > rsyslog-users
> > Subject: Re: [rsyslog] Stop actions
> >
> > pls show your complete co
: [rsyslog] Stop actions
pls show your complete config. I guess the ruleset is not bound to
anything. Otherwise, $rawmsg MUST fit. As such, I think the ruleset is
never activated for these messages.
Rainer
El vie, 24 may 2024 a las 13:43, Thomas Raef
() escribió:
I changed it to:
ruleset(name
pls show your complete config. I guess the ruleset is not bound to
anything. Otherwise, $rawmsg MUST fit. As such, I think the ruleset is
never activated for these messages.
Rainer
El vie, 24 may 2024 a las 13:43, Thomas Raef
() escribió:
>
> I changed it to:
>
> ruleset(name="drop") {
> if ($raw
I changed it to:
ruleset(name="drop") {
if ($rawmsg contains "temp-write-test-") or ($rawmsg contains "-mc.log") or
($rawmsg contains "/bb-plugin/cache") then {
stop
}
}
But the messages still show up.
If the message is malformed, what can I do?
This is one such message I'm still getting:
"mes
I guess the message is malformed and the string you look for is inside
another field.
I would suggest that you use "$rawmsg" instead of "$msg". If that
works, a) we are on the right track and b) you actually solved the
issue, albeit probably not in the best possible way.
HTH
Rainer
El vie, 24 ma
7 matches
Mail list logo
